Summary
| Detail | |||
|---|---|---|---|
| Vendor | Debian | First view | 2010-02-02 |
| Product | Lintian | Last view | 2019-11-07 |
| Version | 1.23.16 | Type | Application |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:debian:lintian | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 6.3 | 2019-11-07 | CVE-2013-1429 | Lintian before 2.5.12 allows remote attackers to gather information about the "host" system using crafted symlinks. |
| 7.8 | 2017-05-08 | CVE-2017-8829 | Deserialization vulnerability in lintian through 2.5.50.3 allows attackers to trigger code execution by requesting a review of a source package with a crafted YAML file. |
| 7.5 | 2010-02-02 | CVE-2009-4015 | Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, and 2.x before 2.3.2 allows remote attackers to execute arbitrary commands via shell metacharacters in filename arguments. |
| 7.5 | 2010-02-02 | CVE-2009-4014 | Multiple format string vulnerabilities in Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, and 2.x before 2.3.2 allow remote attackers to have an unspecified impact via vectors involving (1) check scripts and (2) the Lintian::Schedule module. |
| 9.8 | 2010-02-02 | CVE-2009-4013 | Multiple directory traversal vulnerabilities in Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, and 2.x before 2.3.2 allow remote attackers to overwrite arbitrary files or obtain sensitive information via vectors involving (1) control field names, (2) control field values, and (3) control files of patch systems. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 20% (1) | CWE-502 | Deserialization of Untrusted Data |
| 20% (1) | CWE-134 | Uncontrolled Format String |
| 20% (1) | CWE-89 | Improper Sanitization of Special Elements used in an SQL Command ('... |
| 20% (1) | CWE-59 | Improper Link Resolution Before File Access ('Link Following') |
| 20% (1) | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path ... |
CAPEC : Common Attack Pattern Enumeration & Classification
| id | Name |
|---|---|
| CAPEC-23 | File System Function Injection, Content Based |
| CAPEC-64 | Using Slashes and URL Encoding Combined to Bypass Validation Logic |
| CAPEC-76 | Manipulating Input to File System Calls |
| CAPEC-78 | Using Escaped Slashes in Alternate Encoding |
| CAPEC-79 | Using Slashes in Alternate Encoding |
| CAPEC-139 | Relative Path Traversal |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 62127 | Lintian Filename Shell Metacharacter Arbitrary Command Execution |
| 62126 | Lintian Multiple Module Remote Format String |
| 62125 | Lintian Control Field / File Traversal Arbitrary File Overwrite |
OpenVAS Exploits
| id | Description |
|---|---|
| 2010-01-29 | Name : Ubuntu Update for lintian vulnerabilities USN-891-1 File : nvt/gb_ubuntu_USN_891_1.nasl |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2017-06-07 | Name: The remote Ubuntu host is missing a security-related patch. File: ubuntu_USN-3310-1.nasl - Type: ACT_GATHER_INFO |
| 2010-02-24 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-1979.nasl - Type: ACT_GATHER_INFO |
| 2010-01-28 | Name: The remote Ubuntu host is missing a security-related patch. File: ubuntu_USN-891-1.nasl - Type: ACT_GATHER_INFO |
